Modulo Counting on Words and Trees.

Bartosz Bednarczyk

and Witold Charatonik

1 Computer Science Department, ENS Paris-Saclay, Cachan, France; and Institute of Computer Science, University of Wrocław, Wrocław, Poland bartosz.bednarczyk@ens-paris-saclay.fr

2 Institute of Computer Science, University of Wrocław, Wrocław, Poland wch@cs.uni.wroc.pl

Abstract

We consider the satisfiability problem for the two-variable fragment of the first-order logic ex- tended with modulo counting quantifiers and interpreted over finite words or trees. We prove a small-model property of this logic, which gives a technique for deciding the satisfiability problem.

In the case of words this gives a new proof ofExpSpaceupper bound, and in the case of trees it gives a 2-ExpTimealgorithm. This algorithm is optimal: we prove a matching lower bound by a generic reduction from alternating Turing machines working in exponential space; the reduction involves a development of a new version of tiling games.

1998 ACM Subject Classification F.4 Mathematical Logic and Formal Languages Keywords and phrases satisfiability, trees, words, two-variable logic, modulo quantifiers Digital Object Identifier 10.4230/LIPIcs.FSTTCS.2017.12

1 Introduction

Two-variable logics. Two-variable logic, FO², is one of the most prominent decidable fragments of first-order logic. It is important in computer science because of its decidability and connections with other formalisms like modal, temporal and description logics or query languages. The satisfiability problem for FO²isNExpTime-complete and satisfiable formulas have models of exponential size. In this paper we are interested in extensions of FO²interpreted over finite words and trees. It is known that FO²over words can express the same properties as unary temporal logic [9] and FO² over trees is precisely as expressive as the navigational core of XPath, a query language for XML documents [16]. The satisfiability problem for FO² over words is shown to beNExpTime-complete in [9], and over trees – ExpSpace-complete in [4]. Recently it was shown that these complexities do not change[7, 3]

if counting quantifiers of the form∃^≤k,∃^≥k are added.

Modulo counting quantifiers. First-order logic has a limited expressive power. For example, it cannot express even such simple quantitative properties as parity. To overcome this problem, Wolfgang Thomas with his coauthors introduced in the 80s of the last centurymodulo counting quantifiers of the form “there existsamodb elementsxsuch that . . . ”. A survey of results in first order logic extended with modulo counting quantifiers can be found in [22]. Recent research in this area involves a study of definability of regular languages on words and its connections to algebra [22], [23]; definable languages of (N,+) [19], [14]; equivalences

∗ Supported by the Polish National Science Centre grant No. 2016/21/B/ST6/01444.

† A full version of the paper is available athttp://arxiv.org/abs/1710.05582.

© Bartosz Bednarczyk and Witold Charatonik;

licensed under Creative Commons License CC-BY

of finite structures [17]; definable tree languages [18], [5]; locality [11], [12]; extensions of Linear Temporal Logic [1], [21], complexity of the model-checking problem [12], [6]. Not much is known about the complexity of the satisfiability problem for this logic. The only work that we are aware of is [15], which provesExpSpace-completeness of the satisfiability problem for FO² with modulo counting quantifiers over finite words. On the other hand, a simple adaptation of automata techniques for deciding WS1S or WS2S gives a non-elementary decision procedure for the satisfiability problem of full first-order logic with modulo quantifiers over words or ranked trees.

Our contribution. We consider the satisfiability problem for FO² with modulo counting quantifiers interpreted over finite words and trees. We provide an alternative to [15] proof of ExpSpaceupper bound for the case of words. This proof is based on a small-model property of this logic and can be extended to the case of ordered and unranked trees. By ordered, we mean that the list of children of any node is ordered by the sibling relation, and by unranked, that there is no limit on the number of children. We prove that the case of such trees is 2-ExpTime-complete. For the upper bound, we again prove a small-model theorem and then give an alternating algorithm that decides the problem in exponential space. SinceAExpSpace= 2-ExpTime, this gives the desired upper bound. With some obvious modifications this algorithm can be also applied to unordered or ranked trees. For the lower bound, we develop a new version of tiling games that can encode computations of alternating Turing machines working in exponential space, and can be encoded in the logic. In our encoding we do not use ordering of children, and the number of children of any node is bounded by 2, which shows that already the case of unordered and ranked trees is 2-ExpTime-hard.

Due to space limits some proofs and encodings are omitted. They can be found in the full version of the paper [2].

2 Preliminaries

Tuples and modulo remainders. By ak-tuple of numbers we mean an element of the set N^k. By~0k and~1k we will denotek-tuples consisting of, respectively, only zeros and only ones. We denote thei-th element of ak-tuplet byπ_i(t). We will often drop the subscriptk if the dimensionkis clear from the context.

Consider a finite setX, a numberk∈Nand a mappingf fromX toN^k. We say thatf iszero, if for allx∈X we havef(x) =~0k. We say thatf is a singleton, if there exists a unique argumentx∈X such thatf(x) =~1k and for all other arguments the functionf is zero.

Letnbe a positive integer. ByZnwe denote the set of all remainders modulon, that is the set{0,1, . . . , n−1}. We denote byr_n the remainder function modulon, that isr_n:N→Zn, rn(x) =xmodn.

Syntax and semantics. We refer to structures with fraktur letters, and to their universes with the corresponding Roman letters. We always assume that structures have non-empty universes. We work with signatures of the formτ =τ₀∪τ_nav, whereτ₀ is a set of unary relational symbols, and τnav ⊆ {↓,↓⁺,→,→⁺,≤,succ} is the set of navigational binary symbols, which will be interpreted in a special way, depending on which kind of structures, words or trees, are considered as models.

We define the two-variable fragment of first-order logic with modulo counting quantifiers FO²_MODas the set of all first-order formulas (over the signatureτ), featuring only the variables xandy, extended with modulo counting quantifiers of the form ∃^≤k,l,∃^=k,land∃^≥k,l, where l ∈ Z+ is a positive integer and k ∈ Zl. The formal semantics of such quantifiers is as follows: a formula∃^./k,ly ϕ(x, y), where ./∈ {≤,=,≥}, is true at elementaof a structure M, in symbolsM, a|= ∃^./k,l y ϕ(x, y)

if and only if rl(|{b∈M :ϕ[a, b]}|) ./ k. When measuring the length of formulas we will assume binary encodings of numbersk andl in superscripts of modulo quantifiers.

In [15] the authors use a different notation for modulo counting quantifiers in their logic FOmod²[<]. It seems that the main difference is that they require equality in place of our ./comparison. The use of ≤and≥operators makes the logic exponentially more succinct.

For example the formula∃^≥2n,2·2nx p(x) has lengthO(n), while an equivalent formula in FOmod²[<] has the formW2·2ⁿ

i=2ⁿ∃^=i,2·2nx p(x) and its length is Ω(2ⁿ·n).

We write FO²_MOD[τnav], to denote that the only binary symbols that are allowed in signa- tures are fromτ_nav. We will work with two logics: FO²_MOD[≤,succ] and FO²_MOD[↓,↓⁺,→,→⁺].

The former is interpreted over finite words, where≤ denotes the linear order over word positions andsucc is the successor relation. The latter logic is interpreted over finite, un- ranked and ordered trees. The interpretation of the symbols fromτnav is the following: ↓ is interpreted as the child relation,→as the right sibling relation, and↓⁺ and→⁺as their respective transitive closures. We readu↓w as “wis achildofu” andu→was “wis the right sibling ofu”. We will also use other standard terminology likeancestor, descendant, preceding-sibling,following-sibling, etc. In both cases of words and trees all elements of the universe can be labeled by an arbitrary number of unary predicates from τ0.

Normal form. As usual when working with two-variable logic, it is convenient to use so- called Scott normal form [20]. The main feature of such form is that nesting of quantifiers is restricted to depth two. Below we adapt this notion to the setting of FO²_MOD.

IDefinition 1. We say that a formula ϕ∈FO²_MODis in normal form, if

ϕ=∀x∀y χ(x, y)∧

n

^

i=1

∀x∃y χi(x, y)∧

m

^

j=1

∀x∃^./jkj,ljy ψj(x, y)

where ./_i∈ {≤,≥}, each l_j is a positive integer and each k_j ∈ Zlj and all χ, χ_i and ψ_j formulas are quantifier-free. We require bothnandmparameters to be non-zero.

The following lemma is proved by a routine adaptation of a normal form proof from [10].

ILemma 2. Let ϕbe a formula fromFO²_MOD over a signature τ. There exists a polyno- mially computable FO²_MOD normal form formulaϕ⁰ over signature τ⁰, consisting of τ and polynomially many additional unary symbols, such thatϕandϕ⁰ are equisatisfiable.

In the next sections, when a normal form formula ϕis considered we always assume that it is as in Definition 1. In particular we allow ourselves, without explicitly recalling the shape ofϕ, to refer to its parametersn, m, componentsχ, χi, ψj and numberskj, lj given in modulo counting quantifiers.

Consider a conjunct∀x∃y χ_i(x, y) from an FO²_MOD normal form formulaϕ. LetMbe its finite model and let v∈M be an arbitrary element from the structure. Then an element w∈M such thatM|=χi[v, w] is called aχi-witnessforv. Analogously, we will speak about ψj-witnesses for modulo conjuncts or simply witnesses if a formula is clear from the context.

Order formulas. Let us callorder formulas the formulas specifying relative positions of pairs of elements in a structure with respect to the binary navigational predicates.

In the case of words, whenτ_nav={≤,succ}, there are five possible order formulas: x=y, succ(x, y), succ(y, x), x6=y∧ ¬succ(x, y)∧x≤y and x6=y∧ ¬succ(y, x)∧y≤x. We denote them respectively asθ₌, θ₊₁, θ₋₁, θ, θ. Let Θ_wordsbe the set of these five formulas.

In the case of trees, whenτnav ={↓,↓⁺,→,→⁺}, we usex6∼y to abbreviate the formula stating thatxandyare infree position, i.e., that they are related by none of the navigational binary predicates available in the signature. There are ten possible order formulas: x↓y,y↓x, x↓⁺y∧ ¬(x↓y), y↓⁺x∧ ¬(y↓x),x→y, y→x, x→⁺y∧ ¬(x→y), y→⁺x∧ ¬(y→x),x6∼y,x=y.

They are denoted, respectively, as: θ_↓,θ_↑,θ_↓↓+,θ_↑↑+,θ_→,θ_←,θ_⇒+,θ_⇔+,θ_6∼,θ₌. Let Θ_trees be the set of these ten formulas. We will use symbol Θ to denote either Θwordsor Θtrees if the type of structure is not important or clear from context.

Types and local configurations. Following a standard terminology, anatomic1-type over a signature τ is a maximal satisfiable set of atoms or negated atoms involving only the variable x. Usually we identify a 1-type with the conjunction of all its elements. We will denote byαthe set of all 1-types overτ. Note that the size ofαis exponential in the size ofτ. For a givenτ-structure M, and an elementv∈M we say thatv realizes a 1-typeα, if αis the unique 1-type such thatM|=α[v]. We denote by tp^M(v) the 1-type realized byv.

A 1-type provides us only information about a single element of a model. Below we generalize this notion such that for each element of a structure it provides us also some information about surrounding elements and their 1-types.

IDefinition 3. An (l₁, l₂, . . . , l_m)-full type αover a signatureτ is a function of the type α: Θ→α→ {0,1}×Zl₁×Zl₂×. . .×Zl_m(a function that takes an order formula from Θ and returns a function that takes a 1-type fromαand returns a tuple of integers). Additionally, we require that all (l1, l2, . . . , lm)-full types satisfy the following conditions:

α(θ=) is a singleton,

α(θ) is either zero or singleton forθ∈ {θ+1, θ₋₁, θ_→, θ_↑, θ_←}and

ifα(θ+1) (respectivelyα(θ₋₁), α(θ_→), α(θ_↓), α(θ_←), α(θ_↑)) is zero then also the function α(θ) (respectivelyα(θ), α(θ_⇒+), α(θ_↓↓+), α(θ_⇔+), α(θ_↑↑+)) is zero.

In the following, if the numbersl1, l2, . . . , lm are clear from the context or not important, we will be omitting them.

Let us briefly describe the idea behind the notion of full types. Ideally, for a given element vof a structure M, we would like to know the exact number of occurrences of each 1-type on each relative position. However, to keep the memory usage under control, we store only a summary of this information. For the purpose of∀∃ conjuncts of a formula in normal form, it is enough to know if a typeαoccurs at least once in a given relative position. This information is stored in the 0-1 part of a full type. Additionally, for the purpose of∃^./jkj,lj conjuncts, we store the remainders of the total numbers of occurrences of each 1-typeα modulo each oflj appearing in modulo quantifiers.

IDefinition 4. LetMbe aτ-structure andv an arbitrary element fromM. We will denote by (l1, l2, . . . , lm)–ftp^M(v) the unique (l1, l2, . . . , lm)-full type realized by v inM, i.e., the (l1, l2, . . . , lm)-full typeαsuch that for all order formulasθ∈Θ and for all atomic 1-typesα, the value ofα(θ)(α) is equal to the tuple (cut1(W), rl₁(W), rl₂(W), . . . , rl_m(W)), where W is the number of occurrences of elements of typeαin the relative position described byθ, namely

W =|{w∈M :M|=θ[v, w]∧tp^M(w) =α}|.

andcut1(W) is 0 ifW is empty and 1 otherwise.

The following definition and lemma are basic tools used in the proofs of small-model properties FO²_MOD.

IDefinition 5 (ϕ-consistency). Let ϕbe a FO²_MOD formula in normal form and let αbe the unique 1-type satisfying α(θ=)(α) =~1. We say that a (l1, l2, . . . , lm)-full type α is ϕ-consistent, if it satisfies the following conditions:

1. It does not violate the∀∀subformula i.e. for all order formulasθ∈Θ and for all 1-types β such thatα(θ)(β)6=~0, the implicationα(x)∧β(y)∧θ(x, y)|=χ(x, y) holds.

2. There is a witness for each∀∃conjunct ofϕ. Formally, consider a number 1≤i≤nand a subformula∀x∃y χ_i(x, y). We require that there exists a 1-typeβ and an order formula θ ∈ Θ such that α(θ)(β)6=~0 and the logical implication α(x)∧β(y)∧θ(x, y) |= χi(x, y) holds.

3. Each modulo conjunct has the right number of witnesses. Consider a number 1≤j≤m and a subformula ∀x∃^./jkj,ljy ψj(x, y). We require that the remainder modulo lj of the number of witnesses encoded in the full-type satisfies the inequality ./_j k_j. Formally,

r_lj X

θ∈Θ,β∈α:α(x)∧β(y)∧θ(x,y)|=ψj(x,y)

π_j+1(α(θ)(β))

! ./_jk_j.

A proof of the following lemma is a straightforward unfolding of Definitions 4 and 5 and the definition of the semantics of FO²_MOD.

ILemma 6. Assume that a formula ϕ∈FO²_MOD in normal form is interpreted over finite words or trees. Then M|=ϕif and only if every (l1, l2, . . . , lm)-full type realized in Mis ϕ-consistent.

Let ϕ be FO²_MOD formula in normal form. For proving the upper bounds in the next sections, we will estimate the size of a model by the following function. We definef(ϕ) as the function, which for a given formula returns the total number of (l₁, l₂, . . . , l_m)-full types over the signature ofϕ. To be precise,f(ϕ) is equal to (2l1l2. . . lm)^|Θ||α|. Note thatf(ϕ) is doubly exponential in the size of the formulaϕ.

3 Finite words

In this section we focus our attention on the case of finite words. We give an alternative proof ofExpSpaceupper bound for the satisfiability problem of FO²_MOD[≤,succ]. Originally this result was proved in [15] by a reduction to unary temporal logic with modulo counting operators. Here we give a direct algorithm dedicated to FO²_MOD[≤,succ], based on a small model property that we prove. The advantage of the method is that it allows an extension to the case of trees and other extensions (e.g., an incorporation of counting quantifiers of the form∃^≤k,∃^≥k is quite obvious).

Small model property. We start by proving that every satisfiable formula in FO²_MOD[≤,succ]

has a small model. The proof technique is similar to the pumping lemma known from the theory of finite word automata.

ILemma 7. Every normal formFO²_MOD[≤,succ]formula satisfiable over finite words has a model Wof size bounded byf(ϕ).

Proof. Consider a satisfiable formula ϕ∈FO²_MOD[≤,succ] and assume that its model W is a word longer thanf(ϕ). We will show that we can remove some subword from Wand

Procedure 1:Satisfiability test for FO²_MOD[≤,succ]

Input: Formulaϕ∈FO²_MOD[≤,succ] in normal form.

1 MaxLength :=f(ϕ) // Maximal length of a model from Lemma 7 2 CurrentPosition := 0

3 guessa full typeαs.t. α(θ) andα(θ₋₁) are zero // Type of the first position 4 if notis-ϕ-consistent(α)then reject // See Definition 5 5 whileCurrentPosition<MaxLengthdo

6 if bothα(θ) andα(θ₊₁) are zero then accept // Type of the last position

7 guessa full typeβ // Type of the successor

8 if notis-ϕ-consistent(β)then reject // See Definition 5 9 if notis-valid-successor(β, α)then reject

10 α:=β

11 CurrentPosition := CurrentPosition + 1

12 reject

obtain a shorter model. By repeating this process, we will finally obtain a model ofϕwith a required size.

By the pigeonhole principle there exist two positionsu, v∈W with equal full-types. Let W⁰ be a word obtained from Wby removing all letters from positions between u andv and collapsinguandv into a single position. Observe that since full types ofuandvare equal, for allj the remainders modulolj of the total number of removed 1-types on positions betweenuandv are equal to 0. Note also that due to presence of 0-1 part in the definition of a full type, all unique 1-types realized by the structure survive the surgery. Therefore, all full types inWremain unchanged. Since all these full types wereϕ-consistent inW, they are alsoϕ-consistent inW⁰. As a consequence of Lemma 6, the wordW⁰ is indeed a model

ofϕ, as expected. J

Algorithm. Now we are ready to present anExpSpacealgorithm for solving the satisfiability for FO²_MOD[≤,succ] interpreted over finite words. We assume that the input formula ϕis in normal form. Since models ofϕcan have doubly-exponential length, we cannot simply guess a complete intended model. To overcome this difficulty, we guess the model on the fly, letter by letter. For each position of the guessed word we guess its full type and after checking some consistency conditions described in Definition 5, we verify if it can be linked with the previous position. This way we never have to store in memory more than two full types. Since the size of a full type is bounded exponentially in|ϕ|, the whole procedure runs inExpSpace. We accept the input, if the guessing process ends after at mostf(ϕ) steps.

To avoid presentational clutter in the description of our algorithm we omit the details of two simple testsis-valid-successor andis-ϕ-consistent. The former takes two full types,β andα, and checks if the position of the typeαcan indeed have a successor of typeβ. It can be easily done by comparing the total number of 1-types on each relative position stored in both types. The latter test takes one full typeαand checks if it satisfies the conditions described in Definition 5.

The correctness of the algorithm above is guaranteed by the following lemma.

ILemma 8. Procedure 1 accepts its inputϕif and only if ϕis satisfiable.

4 Finite trees

In this section we prove the main result of this paper, which is the following theorem. It is a direct consequence of Theorems 12 and 16 below.

ITheorem 9. The satisfiability problem for FO²_MOD[↓,↓⁺,→,→⁺] interpreted over finite trees is 2-ExpTime-complete.

4.1 Upper bound

We start by proving the 2-ExpTimeupper bound. As in previous section, this is done by showing first a small model property and then an algorithm. The small model property is crucial in the proof of correctness of the algorithm. Actually, having defined the notion of the full type, the technique here is a rather straightforward combination of the technique from previous section and from [4]. The main difficulty here was to come up with the right notion of a full type.

4.1.1 Small model property

We demonstrate the small-model property of the logic FO²_MOD[↓,↓⁺,→,→⁺] by showing that every satisfiable formulaϕ has a tree model of depth and degree bounded byf(ϕ). This is done by first shortening ↓-paths and then shortening the →-paths, as in the proof of Lemma 7.

ITheorem 10(Small model theorem). Letϕbe a normal formFO²_MOD[↓,↓⁺,→,→⁺]formula.

If ϕis satisfiable then it has a a tree model in which every path has length bounded by f(ϕ) and every vertex has degree bounded byf(ϕ).

Proof. Let Tbe a model ofϕ. First we show how to shorten↓-paths inT. Assume that there exists a↓-path inTlonger thanf(ϕ). Thus, by the pigeonhole principle, there are two nodesuandvon this path such thatv is a descendant ofuand ftp^T_ϕ(u) = ftp^T_ϕ(v). Consider the treeT⁰, obtained by removing the subtree rooted atuand replacing it by the subtree rooted atv.

Observe that for allj the remainders modulol_j of the total number of removed vertices is equal to 0. Additionally, all unique full types survive the surgery. Thus, all full types are retained from the original tree, so they areϕ-consistent and by Lemma 6 the treeT⁰ is a model ofϕ. By repeating this process we get a tree with all↓-paths shorter than f(ϕ).

Shortening the →-paths is done in a similar way. Assume that there exists a nodev with branching degree greater thanf(ϕ). Then there exist two childrenu, wofv, with equal full types. LetT⁰⁰be a tree obtained by removing all vertices betweenuandw(excludinguand includingw) together with subtrees rooted at them. Again, the remainders modulol_j of the total number of removed vertices are all equal to 0, and all unique types survive the surgery, so all full types are retained fromTand thusϕ-consistent. Therefore the treeT⁰⁰is a model ofϕ. We repeat this process until we get a tree with desired branching. J

4.1.2 Algorithm

In this section, we design an algorithm to check if a given FO²_MOD[↓,↓⁺,→,→⁺] formula ϕ interpreted over finite trees is satisfiable. By Lemma 2 we can assume that the input formula ϕis given in normal form. Then, by Theorem 10, we can turn our attention to trees with degree and path length bounded byf(ϕ). Recall thatf(ϕ) is doubly-exponential in|ϕ|.

Let us describe the core ideas of the algorithm. It works in alternating exponential space. SinceAExpSpace= 2-ExpTime, it can be translated to an algorithm working in 2-ExpTime. The algorithm starts by guessing the full type of the root and then it calls a procedure that builds a tree with the given full type of the root.

The procedure called on a vertexv guesses on the fly the children of v, starting with the leftmost child and storing in the memory at most two children at the same time. While guessing a childv⁰, it checks that its type isϕ-consistent and that it can be correctly linked tov and to its left sibling (if it exists). Then the procedure is called recursively onv⁰ to build the subtree rooted atv⁰, but the recursive call is done in parallel, exploiting the power of alternation. The process is continued in the same way, until the bottom of the tree is reached or the height of the constructed tree exceedsf(ϕ).

There is one more point of the algorithm, namely, we have to make sure that the types of children and their descendants, guessed on the fly, are consistent with the information stored in their parent’s full type, in particular withθ↓ andθ_↓↓⁺ components. To handle the first of them, we can simply compute the union of allθ=components of children, which can be done during the guessing process. Analogously, to handle the second case, we simply compute the union of allθ_↓ andθ_↓↓+ components of all children’s full types.

Below we present a pseudocode of the described procedure. Similarly to the case of finite words, we omit the details of obvious methods for checking consistency. For calculating the union of full-types mentioned in the previous paragraph, we employ⊕operation defined as follows. For given (l1, l2, . . . , lm)-full typesαandβ, the result ofα⊕β is a (l1, l2, . . . , lm)-full typeγ such that for all order formulasθ∈Θ and all 1-typesα∈α, the following condition holds:

γ(θ)(α) = max π₀(α(θ)(α)), π₀(β(θ)(α))

, R₁, R₂, . . . , R_m , whereR_i=r_li(π_i(α(θ)(α)) +π_i(β(θ)(α))).

The following lemma guarantees the correctness of the algorithm and leads directly to the main result of this section.

ILemma 11. Procedure 3 accepts its input formula ϕ∈FO²_MOD[↓,↓⁺,→,→⁺] if and only ifϕis satisfiable over finite trees.

ITheorem 12. The satisfiability problem forFO²_MOD[↓,↓⁺,→,→⁺]interpreted over finite trees is in 2-ExpTime.

4.2 Lower bound

In this section we prove that the satisfiability of FO²_MOD[↓,↓⁺] is 2-ExpTime-hard. We exploit here the fact that 2-ExpTime=AExpSpaceand provide a generic reduction from AExpSpace. This is done in two steps. First we translate computations of alternating Turing machines to winning strategies in (our version of) tiling games. These strategies are then encoded as trees and their existence is translated to the satisfiability problem in FO²_MOD[↓,↓⁺].

Alternating Turing machines. An alternating Turing machine is Turing machine whose set of states containsexistential states anduniversal states. A input word isaccepted by such a machine if the initial configurationleads to acceptance, where leading to acceptance is defined recursively as follows: accepting configurations (i.e., configurations containing

Procedure 2:Building a subtree rooted at given node Input: Formulaϕ∈FO²_MOD[↓,↓⁺,→,→⁺] in normal form, full typeαof a starting node, and current level Lvl∈N.

1 if notis-ϕ-consistent(α)then reject // See Definition 5

2 if Lvl≥f(ϕ)then reject // Path too long

3 if α(θ_↓) is zero then accept // Last node on the path 4 Guess the degree Deg∈[1,f(ϕ)] of a node

5 Guess the full typeβ of the leftmost child and check if its a valid leftmost son ofα

6 Oθ_↓:=β(θ₌) // Types of children guessed so far

7 Oθ_↓↓+ :=β(θ↓)⊕β(θ_↓↓⁺) // Types of descendants guessed so far 8 while Deg>1do

9 Run in parallel Procedure 2 on (ϕ, β,Lvl + 1) // Alternation here 10 Guess a full typeγ of the right brother ofβ and check consistency withα

11 Oθ_↓:=Oθ_↓⊕γ(θ=),Oθ_↓↓+ :=Oθ_↓↓+ ⊕γ(θ_↓)⊕γ(θ_↓↓+) // Updating obligations 12 β :=γ, Deg := Deg−1

13 Run in parallel Procedure 2 on (ϕ, β,Lvl + 1) // Last child 14 if β(θ→) is not zerothen reject // Not valid last node on →-path.

15 if α(θ_↓) =Oθ_↓ andα(θ_↓↓+) =Oθ_↓↓+ then accept else reject

Procedure 3:Satisfiability test for FO²_MOD[↓,↓⁺,→,→⁺] Input: Formulaϕ∈FO²_MOD[↓,↓⁺,→,→⁺] in normal form.

1 guessa full typeαs.t. α(θ_↑) is zero // Type of the root 2 Run Procedure 2 on (ϕ, α,1)

accepting state) lead to acceptance; an existential configuration leads to acceptance if there exists its successor configuration that leads to acceptance; a universal configuration leads to acceptance if all its successor configurations lead to acceptance. More details can be found in [2].

4.2.1 Tilling Games

Corridor tiling games, aka rectangle tiling games [8] provide a well-known technique for proving lower bounds in space complexity. Here we develop our own version of these games that is able to encode alternating Turing machines from previous section and to be encoded in FO²_MOD[↓,↓⁺].

By a tiling game we understand a tuple of the formhC, T₀, T₁, n,ht₀, . . . , t_ni,, Li, where C is a finite set ofcolors; T0, T1⊆C⁴are two sets oftiles (these two sets are not meant to be disjoint);nis a natural number;ht₀, . . . , tniis aninitial sequence ofn+ 1 tiles;∈Cis a special color calledwhite;L⊆T0∪T1 is a set of tiles allowed in thelast row.

We think of a tileha, b, c, di ∈C⁴as of a square consisting of four smaller squares, colored respectively with colors a, b, c andd(see Figure 1). In the following we will require that adjacent tiles have matching colors, both horizontally and vertically. Formally, we define the horizontal adjacency relationH ={hha, b, c, di,hb, e, d, fii |a, b, c, d, e, f,∈C} and the vertical adjacency relation V = {hha, b, c, di,hc, d, e, fii | a, b, c, d, e, f,∈ C}. We define a correctly tiled corridor to be a rectangle of sizek×2ⁿfor somek∈Nfilled with tiles, with all horizontally adjacent tiles inH and all vertically adjacent tiles in V, with first row starting

a b c d

b e d f

a b c d c d e f

a a b b a c

a b c d

b d e e c c d d e e

Figure 1Horizontally adjacent tiles, vertically adjacent tiles, and a correct tiling

with tilest0, . . . , tn and padded out with white tiles, with last row built only from tiles inL, and with all edges being white. Figure 1 shows an example of correctly tiled corridor for n= 2 and initial tilesh,,, ai,h,, a, bi,h,, b,i.

Consider the following game. There are two players,Prover (also called theexistential player) andSpoiler (also called theuniversal player). The task of Prover is to construct a correct tiling; the task of Spoiler is to prevent Prover from doing this. At the beginning they are given the initial rowt₀, . . . , t_n,(⁴)²ⁿ⁻ⁿ⁻¹. In each move the players alternately choose one of the two setsT0orT1and build one row consisting of 2ⁿ tiles from the chosen set. The first move is performed by Prover. Prover wins if after a finite number of moves there is a correctly tiled corridor, otherwise Spoiler wins. There are two possibilities for Spoiler to win:

either Prover cannot make a move while the last constructed row is not inL^∗ or the game lasts forever.

We say that a tiling gameh_, T0, T1,_,_,_,_iiswell-formed if for any play of the game and for any partial (i.e., non-complete) tiling constructed during this play, exactly one new row can be correctly constructed from tiles inT0 and exactly one from tiles inT1. In other words, every possible move in any play of the game is fully determined by the choice of the set of tiles,T₀ orT₁.

4.2.2 From Alternating Machines to Tiling Games

The first step of the lower-bound proof for FO²_MOD[↓,↓⁺] is a reduction from alternating machines to tiling games. Actually, we have defined our version of tiling games in such a way that the proof of the following theorem becomes a routine exercise. The details can be found in the full version.

ITheorem 13. For all alternating Turing machines M working in exponential space and all input words w there exists a well-formed tiling game of size polynomial in the sizes ofM and wsuch that Prover has a winning strategy in the game if and only ifwis accepted by M.

The theorem above directly leads to the lower bound on the complexity of tiling games.

ICorollary 14. The problem whether Prover has a winning strategy in a tiling game is 2-ExpTime-hard.

4.2.3 From Tilling Games to FO

[↓, ↓

]

Here we show the second step of the lower-bound proof for FO²_MOD[↓,↓⁺], which is a reduction from tiling games to FO²_MOD[↓,↓⁺]. We are going to encode strategies for the existential player as trees. Every complete path in such an encoding corresponds to a correct tiling for G. The nodes on such a path, read from the root to the leaf, correspond to tiles in the tiling, read row by row from left to right. Intuitively, most nodes have just one child corresponding

to the tile placed directly to the right. Nodes corresponding to tiles in the last column should have one or two children, depending on whether it is the existential or universal player’s turn.

Formally the situation is a bit more complicated, because we are not able to prevent the tree from having additional branches with no meaning (for example, a node may have several children, each of which encodes the same right neighbor).

For a given numbernwe will be using unary predicatesB₀, . . . , B_n−1for counting modulo 2ⁿ; the predicate Bi will be responsible of thei-th bit of the corresponding number;B0 is the least significant bit. This is a standard construction that can be found e.g. in [13] or [4], so we do not present the details here. In the following we will be using several macros that expand in an obvious way to formulas of length polynomial innover predicatesB0, . . . , B_n−1. Some of them are listed below.

Nr(x) = 0 the number encoded in the nodexis 0 Nr(x) = 2ⁿ−1 the number encoded in the nodexis 2ⁿ−1 Nr(x) =Nr(y) + 1 the number inxis the successor of the number iny

Nr(x)>Nr(y) the number inxis greater than the number iny . . . . . .

For example, the macro Nr(x)>Nr(y) expands to

n

_

i=0

Bi(x)∧ ¬Bi(y)∧

n

^

j=i+1

(Bj(x)⇔Bj(y))

ITheorem 15. For all well-formed tiling gamesGthere exists a formulaϕ∈FO²_MOD[↓,↓⁺] of size polynomial in the size ofGsuch that the existential player has a winning strategy in Gif and only if ϕis satisfiable over finite trees.

Sketch of proof. LetG=hC, T0, T1, n,ht0, . . . , tni,, Li. We are going to define the formula ϕas a conjunction of several smaller formulas responsible for different aspects of the encoding.

Most of these aspects are routine; the most interesting is adjacency.

Numbering of nodes. We start by numbering nodes on paths in the underlying tree. These numbers encode the column numbers of the corresponding tiles. The following formulas express that the root is numbered 0, the number of any other node is the number of its father plus one modulo 2ⁿ, and that all rows are complete (i.e., they have 2ⁿ tiles).

∀x ¬(∃y y↓x)⇒Nr(x) = 0

∀x Nr(x)6= 2ⁿ−1⇒(∃y x↓y)∧ ∀y(x↓y⇒Nr(y) =Nr(x) + 1)

∀x Nr(x) = 2ⁿ−1⇒ ∀y(x↓y⇒Nr(y) = 0)

Tiles and colors. Lett0, . . . , tmbe an enumeration of all tiles occurring in the game, that is inT₀∪T₁∪ {t0, . . . , t_n,h,,,i}. The predicates tile₁, . . . ,tile_mcorrespond to these tiles. For each colorc∈C we introduce four predicatesπ^c₁, π^c₂, π₃^c, π₄^c that will be used to encode the four colors of a tile. The formulas below express that each node in the underlying tree corresponds to precisely one tile and is colored with the four colors of the tile. We assume here thatti =hc¹_i, c²_i, c³_i, c⁴_ii. We also introduce predicatessetT₀, setT₁ andsetL corresponding to the setsT0,T1andL, respectively.

∀x_^m

i=0

tilei(x)∧^

j6=i

¬tilej(x)

∀x

4

^

i=1

_^m

c∈C

π_i^c(x)∧ ^

c⁰6=c

¬π_i^c0(x)

m

^

i=0

∀x tile_i(x)⇔π₁^c1i(x)∧π^c₂²ⁱ(x)∧π^c₃³ⁱ(x)∧π₄^c4i(x)

( _

ti∈T0

tilei(x))⇔setT0(x)

∧ ( _

ti∈T1

tilei(x))⇔setT1(x)

∧ (_

ti∈L

tilei(x))↔setL(x)

First and last row. The predicatesFirst andLast are used to distinguish the first and the last row of a correct tiling. A nodexcorresponds to a tile in the first row if there is no other tile in the same column in previous rows. The last row is described dually. The first row is built from tilest0, . . . , tn and padded out with white tiles, the last row is built only from tiles inL. The formulas expressing these properties are quite obvious and we omit them here, but they can be found in [2].

Existential and universal rows. Each element in each row is marked with predicateE or Adepending on which player’s turn it is. Each row is marked the same (each element has the same marking as its left neighbor, if it exists). The first row is existential and then the marking alternates between existential and universal.

Universal rows have two successors. Each non-first row is marked with predicatemove0

ormove1 depending on the set of tiles (T0or T1) from which it is built. Universal non-last rows have two successors, marked respectively withmove₀ andmove₁.

Horizontal adjacency. This is simple. We first establish the white frame on the first and last tile in each row and then simply say that for each non-first tile in any row the left edge of the tile matches the right edge of the preceding tile.

∀x Nr(x) = 0⇒π₁(x)∧π₃(x)

∀x Nr(x) = 2ⁿ−1⇒π₂(x)∧π₄(x)

^

c∈C

∀x (Nr(x)6= 0)∧π^c₁(x)⇒ ∃y(y↓x∧π₂^c(y))

^

c∈C

∀x (Nr(x)6= 0)∧π^c₃(x)⇒ ∃y(y↓x∧π₄^c(y))

Vertical adjacency. This is the tricky part of the encoding. The difficulty comes from the fact that we cannot number rows of the tiling and we have no means to say that two tiles occur in consecutive rows. Using predicatesB0, . . . , B_n−1 we can number the 2ⁿ columns, but the number of rows may be much higher and we cannot afford having enough predicates for numbering them. Therefore, we can say that two tiles occur in the same column (or in consecutive columns), but we cannot do the same with rows. On the other hand, when we add a new tile to a row, we have to make sure that the upper edge of the new tile matches

the lower edge of the tile directly above, so we have to read the colors of the tile directly above. For non-white colors this can be done by observing that each occurrence of a color in an upper edge of a row must be matched with another occurrence of the same color in a lower edge of the previous row in the same column, therefore the number of occurrences of each color in each column should be even. Hence the color directly above the upper edge of the current row is the only non-white color that occurs an odd number of times in the current column in preceding rows. In the case of white color we have to take into consideration the upper white edge of the constructed tiling, so the color directly above is white if it occurs an even number of times in the current column in preceding rows.

∀x π₁(x)⇒ ∃^=0,2y y↓⁺x∧Nr(y)=Nr(x)∧(π₁(y)∨π₃(y))

∀x π₂(x)⇒ ∃^=0,2y y↓⁺x∧Nr(y)=Nr(x)∧(π₂(y)∨π₄(y))

^

c∈C\{}

∀x π^c₁(x)⇒ ∃^=1,2y y↓⁺x∧Nr(y)=Nr(x)∧(π₁^c(y)∨π₃^c(y))

^

c∈C\{}

∀x π^c₂(x)⇒ ∃^=1,2y y↓⁺x∧Nr(y)=Nr(x)∧(π₂^c(y)∨π₄^c(y))

Correctness of the constructed formula. Letϕbe the conjunction of all formulas mentioned above. It is not difficult to see that the size ofϕis polynomial in the size ofG: the longest part ofϕis the encoding of tiles and colors, which is proportional in length to the sum of squared numbers of tiles and colors.

Assume that ϕhas a finite modelM. The formulaTiles and colors guarantees that each node inMdirectly encodes precisely one tile. The formulaNumbering of nodes guarantees that nodes on each root-to-leaf path are correctly numbered modulo 2ⁿ, with the root numbered 0 and the leaf numbered 2ⁿ−1. Thus each segment of length 2ⁿ of such a path, consisting of nodes numbered from 0 to 2ⁿ−1, corresponds to one row of tiles. TheHorizontal adjacency formula guarantees that (horizontally) adjacent tiles in such a row have matching colors. Similarly,Vertical adjacency formula guarantees that tiles occurring on the same position in two consecutive rows (that is, vertically adjacent tiles) have matching colors. The First and last row formula guarantees that the first row is initial and the last row is built from tiles inL. Therefore each complete path inMencodes a correctly tiled corridor. By theExistential and universal rows formula all rows encoded in any such path are alternately marked as existential and universal, starting with an existential one. Finally, theUniversal rows have two successorsformula guarantees that each encoding of a universal row in Mis followed by encodings of two existential rows, one build from tiles inT0 and one from tiles in T₁. Thus (here we use the assumption that the game is well-formed)Mcovers both possible moves of the universal player. Now the strategy of the existential player is to follow the path in Mcorresponding to the partial tiling as it is constructed during the game. She starts in the root ofM. Then, every time when it is her turn, the existential player reads fromMany successor row of her current position and replies with this row, moving down the tree to the position of the successor row. Every time when it is the universal player’s turn, his both possible moves are encoded as successor rows of the current position of the existential player, so she can always follow the branch chosen by the universal player. SinceMis finite, each play stops after finitely many rounds with the constructed tiling corresponding to a path in M. Therefore in each play we obtain a correctly tiled corridor and the existential player wins.

For the other direction, assume that the existential player has a winning strategy. We construct a modelMof ϕinductively, level by level, as follows. We start with 2ⁿ nodes, number them from 0 to 2ⁿ−1 using predicatesB₀, . . . , B_n−1 and connect consecutive nodes with predicate ↓. Then we label nodes numbered 0 to n with predicates tile0, . . . ,tilen, respectively, and nodes numberedn+ 1 to 2ⁿ−1 withh,,,i. Then (and later, always after adding new labels of the formtilei) we add appropriate labels π_j^c,setT0,setT1 and setL to make the formulaTiles and colors true. Similarly, we add labels↓⁺to all pairs of nodes that are connected by the transitive closure of↓. We also label all these nodes with predicatesFirst andE. This way we obtain the encoding of the initial row in the game.

Next we inductively, level by level, construct the remaining parts ofM.

Assume thatMis constructed up to some levelk, with all leaves labeledE, and that each path constructed so far encodes a partial tiling in some play afterkrounds, with existential player’s turn. We extendMleaf by leaf. Let us consider one such leaf`, it encodes the last tile in some row. If all tiles in this row are in the setL, we label all nodes in this row with predicateLast and finish the construction. Otherwise letr be the next row given by the winning strategy of the existential player in the partial play encoded by the path from the root to`. We take fresh 2ⁿ nodes and extend the path from root to`with the encoding of a rowr, as above, but this time labeling all new nodes with predicateAindicating the universal player’s move. We also label all new nodes with predicatemove0 ormove1, depending on whether r is constructed from tiles inT₀ orT₁, respectively. Again, if the row is final, it is marked with predicateLast, otherwise we take twice 2ⁿ fresh nodes and connect to the current leaf two segments of length 2ⁿthat encode two possible moves of the universal player.

We mark each node in both segments with predicate E and thus finish the construction of levelk+ 1 at node `. The construction is repeated for all leafs at levelk. Since during the construction we follow the winning strategy, no encoded play can last forever and the construction ends after finitely many iterations. By inspection of all conjuncts one can check

that the constructed tree is a model ofϕ. J

As a corollary of the theorem above and Corollary 14 we get the main theorem of this section.

ITheorem 16. The satisfiability problem forFO²_MOD[↓,↓⁺]interpreted over finite trees is 2-ExpTime-hard.

5 Conclusions and future work

We have shown that the satisfiability problem for two-variable logic extended with modulo counting quantifiers and interpreted over finite trees is 2-ExpTime-complete. The upper bound is based on the small-model property of the logic; for the lower bound we have developed a version of tiling games forAExpSpacecomputations.

There are several possible directions for future work. One of them is studying restrictions or extensions of the logic presented here. Natural candidates for restrictions includeguarded fragment of the logic or unary alphabet restriction as in [4]; natural extensions include arbitrary uninterpreted binary symbols as in [3]. Another possibility is investigation of the (finite) satisfiability problem for FO²_MOD on arbitrary structures – we even do not know whether this problem is decidable. Yet another direction is to study the expressive power of the logic and to find an expressively equivalent extension of CTL.

References

1 Augustin Baziramwabo, Pierre McKenzie, and Denis Thérien. Modular temporal logic. In 14th Annual IEEE Symposium on Logic in Computer Science, Trento, Italy, July 2-5, 1999, pages 344–351. IEEE Computer Society, 1999. doi:10.1109/LICS.1999.782629.

2 Bartosz Bednarczyk and Witold Charatonik. Modulo counting on words and trees. CoRR, http://arxiv.org/abs/1710.05582, 2017. URL:http://arxiv.org/abs/1710.05582.

3 Bartosz Bednarczyk, Witold Charatonik, and Emanuel Kieronski. Extending two-variable logic on trees. In Valentin Goranko and Mads Dam, editors, 26th EACSL Annual Con- ference on Computer Science Logic, CSL 2017, August 20-24, 2017, Stockholm, Sweden, volume 82 ofLIPIcs, pages 11:1–11:20. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 2017. doi:10.4230/LIPIcs.CSL.2017.11.

4 Saguy Benaim, Michael Benedikt, Witold Charatonik, Emanuel Kieroński, Rastislav Lenhardt, Filip Mazowiecki, and James Worrell. Complexity of two-variable logic on fi- nite trees. ACM Transactions on Computational Logic, 17(4):32:1–32:38, 2017. Extended abstract in ICALP 2013. URL:http://dl.acm.org/citation.cfm?id=2996796.

5 Michael Benedikt and Luc Segoufin. Regular tree languages definable in FO and in fomod. ACM Trans. Comput. Log., 11(1):4:1–4:32, 2009. doi:10.1145/1614431.1614435.

6 Christoph Berkholz, Jens Keppeler, and Nicole Schweikardt. Answering FO+MOD queries under updates on bounded degree databases. In Michael Benedikt and Giorgio Orsi, edi- tors,20th International Conference on Database Theory, ICDT 2017, March 21-24, 2017, Venice, Italy, volume 68 ofLIPIcs, pages 8:1–8:18. Schloss Dagstuhl - Leibniz-Zentrum fuer

Informatik, 2017. doi:10.4230/LIPIcs.ICDT.2017.8.

7 Witold Charatonik and Piotr Witkowski. Two-variable logic with counting and a linear order. Logical Methods in Computer Science, 12(2), 2016. doi:10.2168/LMCS-12(2:8) 2016.

8 Bogdan S. Chlebus. Domino-tiling games. J. Comput. Syst. Sci., 32(3):374–392, 1986.

doi:10.1016/0022-0000(86)90036-X.

9 Kousha Etessami, Moshe Y. Vardi, and Thomas Wilke. First-order logic with two variables and unary temporal logic. Inf. Comput., 179(2):279–295, 2002. doi:10.1006/inco.2001.

2953.

10 Erich Grädel, Martin Otto, and Eric Rosen. Two-variable logic with counting is decidable.

In Proceedings, 12th Annual IEEE Symposium on Logic in Computer Science, Warsaw, Poland, June 29 - July 2, 1997, pages 306–317. IEEE Computer Society, 1997. doi:10.

1109/LICS.1997.614957.

11 Frederik Harwath and Nicole Schweikardt. On the locality of arb-invariant first-order formulas with modulo counting quantifiers. Logical Methods in Computer Science, 12(4), 2016. doi:10.2168/LMCS-12(4:8)2016.

12 Lucas Heimberg, Dietrich Kuske, and Nicole Schweikardt. Hanf normal form for first-order logic with unary counting quantifiers. In Martin Grohe, Eric Koskinen, and Natarajan Shankar, editors,Proceedings of the 31st Annual ACM/IEEE Symposium on Logic in Com- puter Science, LICS ’16, New York, NY, USA, July 5-8, 2016, pages 277–286. ACM, 2016.

doi:10.1145/2933575.2934571.

13 Emanuel Kieronski. On the complexity of the two-variable guarded fragment with transitive guards. Inf. Comput., 204(11):1663–1703, 2006. doi:10.1016/j.ic.2006.08.001.

14 Andreas Krebs and A. V. Sreejith. Non-definability of languages by generalized first-order formulas over (n, +). In Proceedings of the 27th Annual IEEE Symposium on Logic in Computer Science, LICS 2012, Dubrovnik, Croatia, June 25-28, 2012, pages 451–460. IEEE Computer Society, 2012. doi:10.1109/LICS.2012.55.

15 Kamal Lodaya and A. V. Sreejith. Two-variable first order logic with counting quantifiers:

Complexity results. In Émilie Charlier, Julien Leroy, and Michel Rigo, editors, Develop- ments in Language Theory - 21st International Conference, DLT 2017, Liège, Belgium, August 7-11, 2017, Proceedings, volume 10396 ofLecture Notes in Computer Science, pages 260–271. Springer, 2017. doi:10.1007/978-3-319-62809-7_19.

16 Maarten Marx and Maarten de Rijke. Semantic characterization of navigational XPath. In First Twente Data Management Workshop (TDM 2004) on XML Databases and Informa- tion Retrieval, pages 73–79, 2004.

17 Juha Nurmonen. Counting modulo quantifiers on finite structures. Inf. Comput., 160(1- 2):62–87, 2000. doi:10.1006/inco.1999.2842.

18 Andreas Potthoff. Modulo-counting quantifiers over finite trees. Theor. Comput. Sci., 126(1):97–112, 1994. doi:10.1016/0304-3975(94)90270-4.

19 Amitabha Roy and Howard Straubing. Definability of languages by generalized first-order formulas over n+. SIAM J. Comput., 37(2):502–521, 2007. doi:10.1137/060658035.

20 Dana Scott. A decision method for validity of sentences in two variables. Journal of Symbolic Logic, 27:477, 1962.

21 A. V. Sreejith. Expressive completeness for LTL with modulo counting and group quanti- fiers. Electr. Notes Theor. Comput. Sci., 278:201–214, 2011. doi:10.1016/j.entcs.2011.

10.016.

22 Howard Straubing and Denis Thérien. Modular quantifiers. In Jörg Flum, Erich Grädel, and Thomas Wilke, editors,Logic and Automata: History and Perspectives [in Honor of Wolfgang Thomas]., volume 2 of Texts in Logic and Games, pages 613–628. Amsterdam

University Press, 2008.

23 Howard Straubing, Denis Thérien, and Wolfgang Thomas. Regular languages defined with generalized quanifiers. Inf. Comput., 118(2):289–301, 1995.doi:10.1006/inco.1995.

1067.